Data Retention & Security Policy

Last updated: January 2024

This policy outlines how Private Doctor London retains and secures your personal and medical data in compliance with UK GDPR and the Data Protection Act 2018.

1. Data Retention Periods

  • Medical records: Retained for a minimum of 8 years from the date of last entry (or until the patient's 25th birthday if this is longer) in line with NHS guidelines.
  • Financial records: Retained for 7 years in compliance with HMRC requirements.
  • Website enquiry data: Retained for up to 2 years unless a longer retention period is required.
  • Marketing consents: Retained until consent is withdrawn.

2. Data Security

We implement appropriate technical and organisational security measures to protect your data against unauthorised access, loss, or disclosure. These include:

  • Encrypted data storage and transmission (SSL/TLS)
  • Access controls limiting data to authorised staff only
  • Regular security reviews and staff training
  • Secure disposal of physical documents

3. Data Breach Procedure

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

4. Contact

For questions about data retention and security, contact us at info@privatedoctor.london.